Correct usage of salt, iteration count, with PBE
843810 (Apr 5 2002, edited Apr 25 2002):

I read an article on a "popular commercial security" company's site which stated that the salt value should change between encryption requests. Additionally it stated it is also safe to return the salt value with ciphertext to the caller.
My question is, does this mean that we should not encapsulate the salt value in the class which supplies the encryption service (as is exemplified in the JCE documentation for PBE), but rather return the salt to the caller? If that is true, then I assume we should do the same for the iteration count as well.
This seems a bit intrusive on the caller because now it needs to manage the lifecycle of the salt and the iteration count itself, for it must supply these values in order to decrypt the ciphertext.
Thoughts?
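One way to follow the article's advice without pushing salt management onto the caller, as an added example that is not from this thread or from the JCE documentation: the encryption service draws a fresh salt and IV per call and packs salt, iteration count and IV in front of the ciphertext, so the caller stores one opaque blob and passes it back unchanged to decrypt. It assumes a modern JDK (PBKDF2WithHmacSHA256 and AES/GCM rather than the PBEWithMD5AndDES of the old JCE examples); the class name, field sizes and iteration counts are assumed values.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public final class PbeEnvelope {
    // Assumed policy values (not from the thread); salt and IV are fresh on every call.
    private static final int SALT_LEN = 16, IV_LEN = 12, TAG_BITS = 128;
    private static final int ITERATIONS = 210_000, MAX_ITERATIONS = 10_000_000;
    private static final SecureRandom RNG = new SecureRandom();

    // PBKDF2: the same password, salt and count must be used on both sides.
    static SecretKey deriveKey(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(raw, "AES");
    }

    static byte[] random(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }
    static byte[] take(ByteBuffer b, int n) { byte[] out = new byte[n]; b.get(out); return out; }

    // Output layout: [salt 16][iterations 4][iv 12][ciphertext || GCM tag].
    // The caller keeps this single blob; it never tracks the salt or count separately.
    static byte[] encrypt(char[] password, byte[] plaintext) throws Exception {
        byte[] salt = random(SALT_LEN), iv = random(IV_LEN);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt, ITERATIONS), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(SALT_LEN + 4 + IV_LEN + ct.length)
                .put(salt).putInt(ITERATIONS).put(iv).put(ct).array();
    }

    static byte[] decrypt(char[] password, byte[] blob) throws Exception {
        ByteBuffer b = ByteBuffer.wrap(blob);
        byte[] salt = take(b, SALT_LEN);
        int iterations = b.getInt();
        // The count travels in the clear, so bound it: an absurd value would only burn CPU here.
        if (iterations < 1 || iterations > MAX_ITERATIONS) throw new IllegalArgumentException("bad iteration count");
        byte[] iv = take(b, IV_LEN);
        byte[] ct = take(b, b.remaining());
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(password, salt, iterations), new GCMParameterSpec(TAG_BITS, iv));
        return c.doFinal(ct); // AEADBadTagException if salt, count, IV or ciphertext were altered
    }
}
```

Because each blob carries the count it was produced with, ITERATIONS can be raised later without breaking data encrypted under the old value.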